{"id":82,"date":"2021-12-28T22:43:00","date_gmt":"2021-12-28T22:43:00","guid":{"rendered":"http:\/\/blog.firatyasar.com\/?p=82"},"modified":"2022-03-28T22:47:21","modified_gmt":"2022-03-28T22:47:21","slug":"scan-container-images-with-trivy","status":"publish","type":"post","link":"https:\/\/blog.firatyasar.com\/?p=82","title":{"rendered":"Scan Container Images with Trivy"},"content":{"rendered":"\n

Trivy ile scan i\u015flemine ge\u00e7meden \u00f6nce CVE(Common Vulnerabilities and Exposure) ne demek ona de\u011finelim. CVE’ler bilinen a\u00e7\u0131klar ve bunlar i\u00e7in al\u0131nmas\u0131 gereken \u00f6nlemleri i\u00e7erirler. Her CVE kendisine unique bir id al\u0131r. Her CVE ayr\u0131ca bir severity score’a sahiptir. Bu score 0 ile 10 aras\u0131nda bir de\u011ferdir. Bu score sayesinde bu a\u00e7\u0131klar\u0131 kapamak i\u00e7in yap\u0131lacak i\u015flemler \u00f6nceliklendirilebilir.<\/p>\n\n\n\n

\u00d6rnek olarak bir CVE \u00e7\u0131kt\u0131s\u0131 a\u015fa\u011f\u0131daki gibidir.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Container mimarisinde bilinen bu a\u00e7\u0131klara kar\u015f\u0131 (CVE’s) tarama i\u015flemini yapan belirli tool’lar bulunuyor. Bunlardan birisi de Aqua Security taraf\u0131ndan yay\u0131nlanan Trivy.Trivy kullan\u0131m\u0131 \u00e7ok basit olan bir vulnerability scanner arac\u0131d\u0131r. Ayr\u0131ca CICD pipeline’lar\u0131na entegre edilmesi de olduk\u00e7a kolayd\u0131r. Trivy arac\u0131n\u0131n kurulumu da kullan\u0131m\u0131 gibi olduk\u00e7a kolayd\u0131r. Gerekli dependecyler kurulduktan sonra kolayl\u0131kla kullan\u0131labilir.
<\/p>\n\n\n\n

A\u015fa\u011f\u0131daki komutlar\u0131 kullanarak trivy \u00fcr\u00fcn\u00fcn\u00fcn kurulumunu kolayl\u0131kla sa\u011flayabilirsiniz.<\/p>\n\n\n\n

apt-get  update\napt-get install wget apt-transport-https gnupg lsb-release\nwget -qO - https:\/\/aquasecurity.github.io\/trivy-repo\/deb\/public.key | sudo apt-key add -\necho deb https:\/\/aquasecurity.github.io\/trivy-repo\/deb $(lsb_release -sc) main | sudo tee -a \/etc\/apt\/sources.list.d\/trivy.list<\/code><\/pre>\n\n\n\n
Ard\u0131ndan repo’lar\u0131 update edip trivy’nin kurulumunu ba\u015flatal\u0131m.<\/p>\n\n\n\n
apt-get update\napt-get install trivy<\/code><\/pre>\n\n\n\n
\u0130\u015flemler tamamland\u0131ktan sonra a\u015fa\u011f\u0131daki komutlar yard\u0131m\u0131yla trivy kullanarak container imajlar\u0131n\u0131 tarayabilirsiniz.<\/p>\n\n\n\n
trivy image nginx:1.18.0<\/code><\/pre>\n\n\n\n
E\u011fer istenirse tarball olarak indirilen imajlar da taranabilir.<\/p>\n\n\n\n
trivy image --input alpine.tar --format json --output \/root\/alpine.json<\/code><\/pre>\n\n\n\n
Tarama i\u015flemi sonras\u0131nda \u00e7\u0131kt\u0131lar a\u015fa\u011f\u0131daki gibidir.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Trivy kullanarak imajlar\u0131,dosya sistemlerini ve git repo’lar\u0131n\u0131 kolayl\u0131kla tarayabilirsiniz.<\/p>\n\n\n\n
Trviy kullanma ile ilgili best practice’ler a\u015fa\u011f\u0131daki gibidir;<\/p>\n\n\n\n